April 21 PSN and Qriocity outage

[PokerChip]

Yeah, I must say I am not impressed. Seems like PR101 to let people know about their personal info getting out there, although they're not fully admitting to that.

The fecal matter is about to hit the fan once mainstream media gets on it.

[Tezster]

This is huge, and quite upsetting.

If Sony have known about personal information having been compromised since day one, but only made a statement about it now... wow... that's bordering on negligence.

This is well beyond simply losing access to a free online service for a few days.

[hugh]

I leave my CC number on file with iTunes but I never trusted Sony's implementation so I never gave them my credit card number. Guess that turned out to be a wise decision.


If I had though, I would be furious right now because everything on that blog page is U.S.A. What about Canadians or citizens of other countries? Surely a large number of the 75 million are outside the U.S. What is Sony doing for them? Do we know?

[Shiningblade]

I just got off the phone with Sony and they say it effects ALL PSN users, including Canadian ones.

Cheers

[hugh]

Sony says hackers obtained the following information about its users:

• Name,
• Address (city, state, zip)
• Country,
• Email Address,
• Birthdate
• PlayStation Network/Qriocity password
• PlayStation Network/Qriocity login
• PSN online ID.

The hackers may also have gleaned the following data about users:

• Profile data
• Purchase history and billing address (city, state, zip)
• PlayStation Network/Qriocity password security answers
• All of the above information for authorized sub-accounts

The company is unsure whether credit card data was taken.

[Inzane]

Thanks for the clarification guys. Now I properly understand the depths of concern for the average Sony PSN user.

I guess I should be glad I've procrastinated on "pluggin in" my PS3.


PS - Regarding itunes, I just keep feeding it itunes gift cards rather than my credit card. I've always felt safer doing it that way.

[timmy1]

I look at that statement and wonder if they were storing credit card info and passwords in plaintext. You would think that they would want to mention that some of the info was hashed if that was their practice. Regardless, I'm ditching my PS3 in short order. Sony has repeatedly demonstrated that they don't care much for their customers. Too bad -- I really loved my Sony Walkman back in '83.

[audacity]

Quote:

Originally Posted by timmy1

I look at that statement and wonder if they were storing credit card info and passwords in plaintext. You would think that they would want to mention that some of the info was hashed if that was their practice.

I too find that interesting. Were the passwords stored in plaintext, were they hashed (so they could be discovered using rainbow tables), or were they hashed with a salt to prevent rainbow table techniques to reverse the hash.

[madhi19]

Yeah if you been using the same password for PSN and a few other place now might be wise to change them all!

[Eluder]

So what the heck do we do now with regards to our security?

I mean if these hackers have all our pertinent info, how do we protect ourselves?

[timmy1]

Quote:

I mean if these hackers have all our pertinent info, how do we protect ourselves?

If you've used the same password anywhere else, change it. And keep checking your credit card bill. You might even want to cancel your card. Other than that, there's not much we can do. Well, except never trust Sony with our info again.

[Inzane]

Ok, hang on a sec.

I can understand people being mad at Sony because it took so long for them to communicate the extent they were compromised.

But some of you guys also sound mad just at the fact that Sony got hacked. Why? Do you think your data is really any safer with: Amazon? Paypal? Ebay? Facebook? Steam? Your own bank website? etc.

Couldn't this kind of external intrusion happen to any big corporation?

[GrimJack]

The scope of the breech seems to indicate that Sony wasn't following any of the best practices for securing confidential information.

This isn't data that needs to be highly available and it's possible to structure it so that you can only access information on a person with a shared secret (Like say a hash of their password)

The database servers shouldn't have been accessible enough to compromise just because the external facing servers were.

[madhi19]

Quote:

Originally Posted by timmy1

If you've used the same password anywhere else, change it. And keep checking your credit card bill. You might even want to cancel your card. Other than that, there's not much we can do. Well, except never trust Sony with our info again.

Am thinking class action lawsuit might be in order but I bet they covered everything in the freaking eula! Sony will have to do something really juicy to calm peoples down.

[Eluder]

Well they've lost me as a customer of PSN; I am currently a PSN+ subscriber, but I'm definitely not renewing now.

I think Sony is going to be tanking for a little while until they can reassure all their customers that their systems are once again secure.